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MEMORANDUM FOR: Director of Data Processing 


FROM 

Director of Communications 
SUBJECT : Headquarters Area Data Distribution (U) 
REFERENCE. : OCC-M-78-166, dated 10 April 1978 


Pursuant to the SAFE Security Committee's recommen- 
dation contained in the reference, this office studied 
the impact of the factors leading to the SAFE decision on 
other Headquarters area data distribution requirements. 
The policy paper which came out of this study is attached. 
It recommended to the Director of Security that Black 
data distribution be required for ali future Headquarters 
systems, and he concurred. (U/AIUQO) 
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MEMORANDUM FOR: Director of Security 


FROM 
: Director of Communications 


SUBJECT : Headquarters Area Data Distribution (U) 


1. Action Requested: Your concurrence with a policy 
requiring encryption of bus communications and encouraging 
an evolution to encrypted data distribution throughout the 
Headquarters area is requested in paragraph three. (U) 


_ 2, \Background: The selection of a Black communications 
architecture for SAFE's wideband communications system (WCS) 
followed a careful examination of security factors both 
unigue to SAFE and common to the general problem of classified 
data distribution. Inasmuch as SAFE communications on the WCS 
will be secured by end-to-end encryption, the WCS need not and 
will not be installed with the physical security protection 
features required for a classified plain text (Red) wireline 
distribution system. Since the WCS is intended to provide 
communications capacity for systems other than SAFE, such as 


25X1A [RRM the Black architecture decision applies to these 


systems as well. This memorandum will explore further the 
impact of this decision and propose a general policy for the 


protection of Headquarters area data distribution. (C) 


, 3. In considering the case for a general Headquarters 
area data distribution policy, it is important to review the 


‘factors which led to the decision to implement Black 


distribution on the SAFE project. 


a. ‘Protection - A Red wireline distribution 
system relies on conventional physical security 
protection. <A Black system provides a higher degree 
of protection because all data is encrypted on an end- 
to-end basis. A Black distribution system also reduces 
TEMPEST hazards by limiting the potential problem areas 

- to the information processors and terminal devices. 
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SUBJECT: Headquarters Area Data Distribution (U) 


- b. Cost - The SAFE security evaluation concluded 
that although the initial cost of cryptographic 
protection is higher than (but comparable to) the 

cost of physically securing a Red wireline distribution 
system, the additional cost is justified on the basis 
of.the increased protection afforded. 


c. Vulnerability of Bus Communications - An 
inherent characteristic of a bus-type wideband communi- 
cation system is distribution of the totality of system 

communications to all points on its path. Conversely, a 
distribution system using discrete conductors limits 
data distribution to a relatively direct route from 
seurce to destination. The availability of such a large 
concentration of data at any point on a Red bus adds a 
higher level of concern for the potential vulnerability 
of such: systems. (C) 

: 4, Security through compartmentation is another factor 
which should be considered. SAFE is designed to operate 

in a dedicated mode, i.e., spillage or misrouting of data 
within the system is not a significant security concern. On 
the other hand, the DDO has levied a requirement for WCS 
service with. an explicit request for compartmentation 
protection. . The proposed SAFE cryptographic system provides 
compartmentation security for communications as a virtue of 
end-to-end encryption. (C) 

1 5. OC is projecting a significant increase in secure voice 
service over the next few years. Although the security factors 
for voice and data are identical, the magnitude of the voice 
distribution requirement and the lack of available cost- 
effective encryption equipment may make the use of Red 
distribution a necessity for years to come. In the Head- 
quarters building, a shift to WCS for data circuits should 
make considerable Red distribution capacity available for 
expanded secure voice. (C) 


6. Recommendation: In consideration of both the security 
factors and the near-future availability of bus communications 
capacity, it is recommended that Black data distribution be 
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SUBJECT: Headquarters Area Data Distribution (U) 


required for all new Headquarters data distribution require- 
ments scheduled for implementation after the installation of 
the SAFE wideband communications system. (C) 
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MEMORANDUM FOR: Director of Data Processing . 


FROM : a 
Chairman, OS/OC Security Review Committee 


SUBJECT " + Security Review of SAFE Proposals (UV) 


1, (U/AIUO) Attached are the findings of the Security 
Committee Review for the SAFE proposals submitted by| 
It is the recommendation of the Securit 
Working Group that the BLACK system bus architecture be ~ 
selected for the SAFE program. eS ee ee . 


2. (C) The three key factors which impact the conclusions 
and recommendations for the report are: a 


a. The totality of sensitive data on a RED bus, 


b. The budgetary constraints for a labor intensive 
on-going line surveillance program deemed essential for 
a RED bus, 


: -¢. The advancement of the state-of-the-art 
anticipated in the field of microminiature technical > 
' collection equipment. 


3. {(U/AIUO) We, ODP/OC/OS, are entering the next 
generation of information handling within the Agency and within 
the'Intelligence Cemmunity. It is imperative that crucial 
cecisions be made at the entry point to obviate the recognized 
expense of retrofits, 
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